196.188.187.205
IP Intelligence Dossier
Your IP: 216.73.216.123
๐ค Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Threat Intelligence Briefing: IP 196.188.187.205/32
Overview:
IP address 196.188.187.205/32 was observed in the network environment on [date of observation]. The IP is associated with the following entities and behaviors, based on data collected from various cybersecurity tools and databases.
Ownership and Registration:
- Owner: The IP address is registered to [Organization Name], located in [Country/City]. The registration information was retrieved from WHOIS data as of [date of last WHOIS query].
- ASN: The IP falls under [ASN Name], which is known for [brief description of ASN activities, e.g., providing services to specific industries or regions].
Geolocation:
- Location: The IP is geolocated to [City, Country], based on geolocation services. This location is consistent with the organization's registered address.
Activity and Behavior:
- Traffic Patterns: Analysis of network traffic logs indicates that the IP has engaged in [describe observed activities, e.g., sending/receiving data to/from specific ports, protocols, or external IPs].
- Service Identification: The IP hosts services on [specific ports/protocols], which include [brief description of services, e.g., web server, FTP, etc.].
Historical Observations:
- Previous Reports: Historical data shows that the IP has been associated with [describe any past incidents or reports, e.g., benign activities, security incidents, etc.].
- Reputation: The IP has a [neutral/positive/negative] reputation score based on threat intelligence feeds. It has been flagged for [any specific reasons, e.g., malware distribution, DDoS attacks].
Relationships and Neighbors:
- Related IPs: The IP shares a network segment with [list of related IPs or network entities], which are associated with [describe any known activities or affiliations].
- Neighbor Analysis: Neighboring IPs have shown [describe any relevant activities or anomalies detected in the vicinity, e.g., increased traffic, suspicious connections].
Threat Assessment:
- Risk Level: Based on the collected data, the IP is assessed as [low/moderate/high] risk. The assessment considers factors such as [list factors, e.g., historical incidents, current activities, reputation].
- Potential Threats: The IP may pose threats related to [describe potential threats, e.g., data exfiltration, malware propagation, unauthorized access].
Recommendations:
- Monitoring: Continuous monitoring of traffic to and from this IP is recommended to detect any anomalous or malicious activities.
- Access Control: Review and enforce access control policies to restrict unnecessary communication with this IP.
- Threat Intelligence Sharing: Share findings with relevant threat intelligence platforms to enhance collective understanding and defense against potential threats.
This briefing provides a comprehensive view of IP 196.188.187.205/32, enabling SOC analysts to make informed decisions regarding network security and threat mitigation strategies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ethio Telecom |
| ASN | AS24757 |
| Network Name | 196.188.160.0 - 196.188.191.255 |
| CIDR Block | 196.188.160.0/19 |
| RIR | AFRINIC |
| Country | ET |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Residential |
| Service Purpose | Web Server |
| Network Tier | End-User โ Residential ISP endpoint |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| 8080 | http-alt | tcp | โ |
| Closed Ports | 25, 3389, 8443 (4 open / 7 scanned) | ||
| Server | nginx/1.18.0 (Ubuntu) |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
โ Unusual for residential โ open services on a home connection may indicate self-hosting, compromise, or misconfigured networking equipment.
๐ TLS Certificate
CN=mdrtbtracker.moh.gov.et
Issued by CN=YR2, O=Let's Encrypt, C=US
Self-signed: No
| SANs | mdrtbtracker.moh.gov.et |
| Valid From | 2026-06-20T09:18:31+00:00 |
| Valid Until | 2026-09-18T09:18:30+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 05B5525E4D49D596305C9A99BBDB39B06032 |
| Thumbprint | 7FA51BEC061AC123E01D8A6650C31681BFCB148F |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 41% | 2 | 5 |
| routing | 21% | 1 | 2 |
| services | 30% | 2 | 4 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 3 |
| geolocation | 13% | 1 | 1 |
| Overall | 24% | 9 | 17 |
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
| Data Coherence | Mostly Consistent (82%) โ 1 contradiction(s) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
โ Classified as residential but has 4 open ports
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:05 UTC |
| Last Seen | 2026-06-26 18:11:01 UTC |
| Profile Built | 2026-06-24 02:42:01 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |
๐ 21 signal types ยท 26 observations collected
This report is generated from 21+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
โน๏ธ About This Report
All data shown is publicly available network metadata โ IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.